So long, and thanks for only using readily available scripts

@article{Holm2017SoLA,
  title={So long, and thanks for only using readily available scripts},
  author={Hannes Holm and Teodor Sommestad},
  journal={Inf. Comput. Secur.},
  year={2017},
  volume={25},
  pages={47-61}
}
Purpose: It is often argued that the increased automation and availability of offensive cyber tools has decreased the skill and knowledge required by attackers. Some say that all it takes to succeed with an attack is to follow some instructions and push some buttons. This paper aims to test this idea empirically through live exploits and vulnerable machines in a cyber range.

Design/methodology/approach: The experiment involved 204 vulnerable machines in a cyber range…

Security Countermeasures Selection Using the Meta Attack Language and Probabilistic Attack Graphs

This work formalizes the problem of the selection of countermeasures and proposes a flexible and scalable algorithm for the problem, based on the Meta Attack Language framework, which allows for convenient modelling of critical infrastructure assets as well as for automatic generation of attack graphs describing attacks against them.

Cyber Range Automation Overview with a Case Study of CRATE

This paper investigates automated tools used in cyber ranges and research initiatives designated to augment cyber ranges automation, and investigates the automation features in CRATE, operated by the Swedish Defence Research Agency.

A meta-analysis of field experiments on phishing susceptibility

A meta-analysis of the findings in 48 papers describing field experiments showed that technical warning systems, email personalization, training, and the use of established deceptive tactics influence the susceptibility rate of users to phishing emails.

Classifying Web Exploits with Topic Modeling

Jukka Ruohonen, 2017 28th International Workshop on Database and Expert Systems Applications (DEXA), 2017

This short empirical paper investigates how well topic modeling and database meta-data characteristics can classify web and other proof-of-concept exploits for publicly disclosed software vulnerabilities, finding that an accuracy rate of nearly 0.9 is obtained in the empirical experiment.

A Model for Predicting the Likelihood of Successful Exploitation

This paper presents a model that estimates the likelihood that a detected vulnerability can be exploited, obtained by carrying out an experiment that involved exploit attempts against 1179 different machines within a cyber range.

TestREx: a framework for repeatable exploits

TestREx is presented—a framework that allows for highly automated, easily repeatable exploit testing in a variety of contexts, so that a security tester may quickly and efficiently perform large-scale experiments with vulnerability exploits.

References

Experimentation on operational cyber security in CRATE (Teodor Sommestad)

CRATE, the cyber range of the Swedish Defence Research Agency (FOI), has been used and will be used to test hypotheses and tools related to security assessments and situational awareness in the cyber security domain.

Reliability of exploits and consequences for decision support

This paper models the largest class of attackers, a basic attacker who uses the widely available Metasploit Framework penetration testing tool with its dictionary of exploits, and shows that there is only a moderate relationship between the popular Common Vulnerability Scoring System exploitability metric and the success of an attacker in the attacker model.

An empirical test of the accuracy of an attack graph analysis tool

The inaccuracy of the vulnerability scanner and MulVAL’s interpretation of vulnerability information are primary reasons for the poor prediction accuracy of the attack graph analysis.

A quantitative evaluation of vulnerability scanning

The data collected in this study show that authenticated vulnerability scanning is usable; however, automated scanning is not able to accurately identify all vulnerabilities present in computer networks.

Empirical Analysis of System-Level Vulnerability Metrics through Actual Attacks

This paper presents a statistical analysis of how 18 security estimation metrics based on CVSS data correlate with the time-to-compromise of 34 successful attacks, and suggests that models that only use the weakest link (most severe vulnerability) to compose a metric are less promising than those that consider all vulnerabilities.

A preliminary analysis of vulnerability scores for attacks in wild: the ekits and sym datasets

The final conclusion is that the NVD and EDB databases are not a reliable source of information for exploits in the wild, even after controlling for the CVSS and exploitability subscore.

Performance of automated network vulnerability scanning at remediating security issues

Testing a Collaborative DDoS Defense In a Red Team/Blue Team Exercise

A red team/blue team exercise sponsored by DARPA's FTN program and performed from October 2002 to May 2003 uncovered significant vulnerabilities in tested systems, pointed out desirable characteristics in DDoS defense systems, and taught many lessons about testing of DDoS defenses.

Toward a standard benchmark for computer security research: the worldwide intelligence network environment (WINE)

The unique characteristics of the WINE data are reviewed, why rigorous benchmarking will provide fresh insights on the security arms race is discussed, and a research agenda for this area is proposed.

SVED: Scanning, Vulnerabilities, Exploits and Detection

SVED facilitates reliable and repeatable cyber security experiments by providing a means to design, execute and log malicious actions, such as software exploits, as well as the alerts provided by intrusion detection systems.